Any Trusted CA problem

Alan DeKok aland at
Tue Feb 21 19:52:47 CET 2006

"Torkel Mathisen" <torkel.mathisen at> wrote:
> Anyway, here is the debug log and as you can see I get an unknown CA
> error. However I got all certs in the correct location on the
> freeradius server.

  The issue isn't the server certificates.

>   rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal unknown_ca TLS Alert read:fatal:unknown CA
>     TLS_accept:failed in SSLv3 read client certificate A ...

  The client certificate isn't signed by any CA that the RADIUS server
knows about.

  The solution is to not use client certificates for PEAP.  Or, to
ensure that the CA cert that the server has is the one you used to
sign the client certs.

  Alan DeKok.

More information about the Freeradius-Users mailing list